fix: More secure query
diff --git a/erpnext/buying/doctype/request_for_quotation/request_for_quotation.py b/erpnext/buying/doctype/request_for_quotation/request_for_quotation.py
index 7677534..361ccdf 100644
--- a/erpnext/buying/doctype/request_for_quotation/request_for_quotation.py
+++ b/erpnext/buying/doctype/request_for_quotation/request_for_quotation.py
@@ -378,7 +378,8 @@
and rfq.company = '{1}'
{2}
order by rfq.transaction_date ASC
- limit {3} offset {4} """ \
- .format(filters.get("supplier"), filters.get("company"), conditions, page_len, start), as_dict=1)
+ limit %(page_len)s offset %(start)s """ \
+ .format(filters.get("supplier"), filters.get("company"), conditions),
+ {"page_len": page_len, "start": start}, as_dict=1)
return rfq_data
\ No newline at end of file